Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Project clone should respect workspace CAs #455

Closed
sleshchenko opened this issue Jun 15, 2021 · 1 comment
Closed

Project clone should respect workspace CAs #455

sleshchenko opened this issue Jun 15, 2021 · 1 comment
Assignees
@amisevsk
Labels
sprint/current Is assigned to issues which are planned to work on in the current team sprint

Comments

@sleshchenko
Copy link
Member

sleshchenko commented Jun 15, 2021
edited
Loading

Project clone should respect workspace CAs.
It's critical for airgap mode of CRW, where devfile registry serves projects as zip archives though self-signed https. Note: as alternative we could use internal network which is HTTP, but then we have another issue that NetworkPolicies should be configured in the corresponding way.
@sleshchenko sleshchenko mentioned this issue Jul 9, 2021
Closed
16 tasks
@sleshchenko sleshchenko added sprint/current Is assigned to issues which are planned to work on in the current team sprint and removed sprint/next labels Jul 9, 2021
@amisevsk amisevsk self-assigned this Jul 15, 2021
@amisevsk
Copy link
Collaborator

This feature is supported by automounting secrets/configmaps and the (current) project clone container. To add a self-signed cert to your DevWorkspace, the process is

  1. Get the certificate (e.g. for testing with the devfile registry and crc, get the crc ingress operator cert)
  2. Create a secret from the cert: 
    kubectl create secret generic selfsigned-cert-secret \
  --from-file=cluster.crt=/path/to/cert/from/step/one
  3. Annotate the secret to be mounted to DevWorkspaces: 
    kubectl patch secret selfsigned-cert-secret --type merge -p \
  '{
    "metadata": {
      "labels": {
        "controller.devfile.io/mount-to-devworkspace": "true"
      }, 
      "annotations": {
        "controller.devfile.io/mount-path": "/usr/local/share/ca-certificates/"
      }
    }
  }'

This was referenced Jul 15, 2021
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@amisevsk amisevsk

Labels
sprint/current Is assigned to issues which are planned to work on in the current team sprint
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sleshchenko @amisevsk